Tuesday, December 15, 2015

I am please to see the release of Signal Private Messenger for Android and iOS, a messaging application that has earned full marks in the EFF security score sheet. I am a fan of this product and I like it very much for the following reasons:

It is an open-source project offering the service for free. WhatsApp is not a free.

As a result, it can be reviewed by anyone capable of doing it while WhatsApp is proprietary, even though it claims to be underpinning by Open Whisper Systems but no one has reviewed that. Recent event has indicated that WhatsApp messages have been intercepted and decoded.

It is not owned by any company while WhatsApp is owned by Facebook, Skype by Microsoft. Thus all metadata in WhatsApp and Skype belongs to Facebook or Microsoft respectively.

According to well-known security researchers, Bruce Schneier and Matt Green, Signal is developed to a very high quality to provide end-to-end encryption (E2E) not only for messaging but also for voice and their endorsement must mean something.

I am not here to raise doubt of this product which I am using admittedly with very limited users to interact with and I have great trust. I hope it will do well.

But I am here to question whether it is enough to rely on technical superiority which is so well hidden from the users to induce them to switch to Signal and to grow its market shares. That's is: is building a smarter (more secure) mouse trap enough to win market shares? Other class of software such as web browser, anti-virus, media player, or mail client can draw people to switch based of superiority of features.

Looking at the landscape of messaging applications it is difficult to see how Signal can rely on security implementation, so out of sight of the user, to win market shares. Will this become a replay of VHS (WhatsApp, Skype, etc) vs BetaMax (Signal) of the 21st Century?

Messaging applications are like clubs or cults in which they only allow club members to interact and go to great length to discourage inducement to leave and definitely providing no facility to support inter-club interaction. This produces network effect to draw people in and that also becomes disincentive to leave and its nurture of human social interaction provides a positive feedback to increase the network effect.

Looking at the EFF Security score card, most of the popular messaging applications do not use security best practices and their inferiorities do not seem to matter to the users. The anecdotal conclusion one can draw is that users do not care with online privacy and security despite well publicised massive surveillance activities. Unlike other type of application, such as web browser, there is no report of people deserting one messaging application to another, despite vulnerabilities and caught not using secure messaging mechanism when they claim to use. For those entrenched players, they must feel like in a no-loss situation. The only way they can lose to a competitor is by a total annihilation of the enterprise.

Messaging applications have another unique characteristics that it is not the features that draw users to choose a particular application; there is a great degree of peer pressure exerted by those early adapters unwittingly forcing people to form that circle of friends. This peer pressure then forms a vortex to draw more and more people in. Their only concern is to be able to communicate with the club members.

Because of the lack support for inter-application interaction, the application through using proprietary communication protocol forms a natural barrier for their user to leave. Apart from that, the user does not see any benefit for using a different application that essentially providing the same things - messaging and may be voice - and having to desert their friends. So why leave? What is the benefit to them?

Many users of messaging applications also form the mistaken belief that they can only use one messaging application in their device. Perhaps it is this mistaken belief or blind fanaticism to their favourite application they are also reluctant to install other messaging applications to increase their reach to their friends. Since Signal is so similar to WhatsApp, it is simply a matter of installing and waiting for others in the contact to install their copy of Signal to re-establish communication. Even that simple is not enticing.

I have spoken to several users of messaging applications as well as non-users and recommending to switch over to a more secure application called Signal. But telling them the benefits of Signal is like talking about wine apprecThis is particularly difficult when Signal is so similar to the
operations of WhatsApp separated by a thin veneer of technical features.
In view of this, users of WhatsApp (or other app) are unwilling to
desert their circle of friends to use something that to them is almost
the same thing with minute user base, by comparison. iation to a group of teetotalers. To them the improve security and end-to-end encryption (E2E) are not enough to sway them. Even people that has not used messaging application seems to be reluctant to get onboard with Signal because they have not heard of it being mentioned by their friends.

So I wonder how a late comer like Signal can overcome these barriers to increase its market shares? How it can base on technical superiority to entice users who are disinterested of them that Signal relies on to distinguish it from others? What is the future of Signal apart from being a niche player at best? Clearly Signal needs to improve its image and marketing.

From the analysis, users of messaging applications place extremely high premium on their ability to reach their circle of friends and ignore other issues like security and privacy. Therefore if the new comer, like Signal, wanting to rise up, it must give their users a transparent way to interact with their circle of friends without requiring them to switch en masse like the present situation. How to achieve that is the real challenge in messaging application development in view of no standard communication protocol?